EasyTalk SQL Injection Leading to Admin Backend Login Bypass

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

EasyTalk SQL injection leading to admin backend login bypass

### Details:

Vulnerable file: /Admin/Lib/Action/LoginAction.class.php:

```
public function dologin() {
    parent::toadmin();
    // Raw POST values; no escaping or type check is applied before they reach the queries below
    $user_name=$_POST['username'];
    $password=$_POST['password'];
    $authcode=trim($_POST['authcode']);
    if (!$user_name || !$password || !$authcode || $authcode!=$_SESSION['authcode']) {
        $this->redirect('/Login/index');
        exit;
    }
    if (ET_UC==TRUE) {
        list($uid, $username, $password, $email) = uc_user_login($user_name,$password);
        if($username && $uid>0) {
            // $username is interpolated directly into the WHERE string
            $user = M("Users")->where("user_name='$username' AND isadmin=1")->field('user_id,user_name')->find();
            if($user) {
                Cookie::set('adminauth', authcode("$user_name\t$user[user_id]",'ENCODE'));
                echo '<script>parent.location.href="'.SITE_URL.'/admin.php?s=/Index"</script>';
            } else {
                $this->redirect('/Login/index');
            }
        } else {
            $this->redirect('/Login/index');
        }
    } else {
        $password=md5(md5($password));
        // $user_name from POST is interpolated directly into the WHERE string
        $user = M("Users")->where("user_name='$user_name' AND password='$password' AND isadmin=1")->find();
        if($user) {...
```
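For comparison with the string-built `where()` clauses in `dologin()`, the following added example (not EasyTalk's code and not a vendor patch) performs the same admin lookup with bound parameters. It assumes PDO with an in-memory SQLite database in place of the `M("Users")` model; the `users` table layout, the sample rows, and the names `makeDemoDb` and `findAdmin` are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: not EasyTalk code. Table layout and function names are assumptions.

function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, password TEXT, isadmin INTEGER)');
    // Constructed sample rows; the hash scheme mirrors the md5(md5()) shown on the page.
    $ins = $db->prepare('INSERT INTO users (user_name, password, isadmin) VALUES (?, ?, ?)');
    $ins->execute(['admin', md5(md5('constructed-admin-pass')), 1]);
    $ins->execute(["o'neil", md5(md5('constructed-user-pass')), 0]);
    return $db;
}

// Look up an admin row with bound parameters, so quote characters in the input stay data.
function findAdmin(PDO $db, $userName, $password): ?array
{
    // Reject arrays and other non-string POST values before they reach the query layer.
    if (!is_string($userName) || !is_string($password) || $userName === '' || $password === '') {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT user_id, user_name FROM users
         WHERE user_name = :name AND password = :hash AND isadmin = 1'
    );
    $stmt->execute([':name' => $userName, ':hash' => md5(md5($password))]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = makeDemoDb();
var_dump(findAdmin($db, 'admin', 'constructed-admin-pass') !== null); // valid admin credentials
var_dump(findAdmin($db, "o'neil", 'constructed-user-pass'));          // non-admin, quote in name
var_dump(findAdmin($db, 'admin', 'wrong'));                            // wrong password
var_dump(findAdmin($db, ['admin'], 'x'));                              // non-string input
```

The same binding applies to the `ET_UC` branch, where the `$username` returned by `uc_user_login()` is placed into the query string in the same way.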

No exploit or PoC available yet
There are currently 0 affected product entries